Let’s Encrypt: Secure Apache Web Server on Ubuntu 16.04

Sep 26, 2017

Starting with Chrome 56, the browser developed by Google marks non-secure pages containing password and credit card input fields as "Not Secure" in the URL bar. The Mountain View giant announced this choice almost one year ago.
Of course, everybody knows that secure is better than insecure; but in this case, the big problem with HTTP is that it lacks a system for protecting communications between clients and servers. This exposes data to different kinds of attacks, for example the "Man in the middle" (MITM), in which the attacker intercepts your data. If you are using some transaction system with your bank, using credit card information, or just entering a password to log in to a web site, this can become very dangerous. This is why HTTPS exists (HTTP over TLS, or HTTP over SSL, or HTTP Secure). If you are on Unixmen, you probably know what this means: SSL/TLS ensures encrypted connections.
So, if your job is to keep a web server up and running, you should switch to HTTPS. To encrypt the traffic between server and client, web servers use SSL certificates. Let's Encrypt helps in obtaining and installing a trusted certificate for free.

In this tutorial we will see how to secure an Apache Web Server on Ubuntu 16.04 using Let’s Encrypt.

Install Let’s Encrypt

Let's Encrypt provides client software that fetches certificates almost automatically. This software is called Certbot, and the developers have their own Ubuntu repository with up-to-date versions.

So, first of all, we will add the repository:

# add-apt-repository ppa:certbot/certbot

Next, update the apt packages list:

# apt-get update

At this point, install Certbot:

# apt-get install python-certbot-apache

Install SSL Certificate

Once the Certbot client is installed, we can use it to obtain and install a new certificate for our server. It is possible to use a single certificate for many subdomains (or even domains). This can be done by passing all the domains as certbot arguments, each with its own -d option.

# certbot --apache -d www.example.com -d example.com

Certbot will present a step-by-step process to customize certificate options and to enter information like an email address. This last one will be used for key recovery. During the process it is possible to choose which protocol to enable: both HTTP and HTTPS, or HTTPS alone, which means that all requests will be automatically redirected. Of course, the best choice is to use only HTTPS, unless there are serious reasons to allow unencrypted traffic to your server.

Testing Certificate

To verify the status of the SSL certificate, just go to the following link with a browser:

https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com&latest

Certificates Renewal

Let's Encrypt certificates last for 90 days, so it's up to you to renew. Using Certbot, you can test the automatic renewal system with this command:

# certbot renew --dry-run

If it works, you can add a cron or systemd job to manage automatic renewal.
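
A scheduled renewal job can fail silently, so it helps to check the installed certificate's remaining lifetime on its own schedule. The script below is an added example, not part of the original tutorial or of Certbot; it assumes GNU date and openssl, and the 20-day WARN_DAYS threshold, the script path and the certificate path in the cron comment are assumptions.

```bash
#!/bin/sh
# Added example: renewal watchdog meant to be run from cron.
# Assumptions: GNU date, openssl, and an illustrative WARN_DAYS threshold.
WARN_DAYS="${WARN_DAYS:-20}"

# Seconds between "now" and an openssl notAfter timestamp such as
# "Dec 25 12:00:00 2030 GMT". Optional 2nd argument overrides "now" (epoch).
secs_left() {
    end_epoch=$(date -u -d "$1" +%s) || return 2
    echo $(( end_epoch - ${2:-$(date -u +%s)} ))
}

# Whole days remaining (truncated toward zero).
days_until() {
    s=$(secs_left "$@") || return 2
    echo $(( s / 86400 ))
}

# EXPIRED: already past notAfter. OVERDUE: still valid, but closer to
# expiry than WARN_DAYS, so renewal has probably been failing. OK otherwise.
renewal_state() {
    left=$(secs_left "$@") || return 2
    if [ "$left" -le 0 ]; then echo EXPIRED
    elif [ "$left" -lt $(( WARN_DAYS * 86400 )) ]; then echo OVERDUE
    else echo OK
    fi
}

# Read notAfter from a PEM certificate, print a one-line report,
# and return non-zero unless the state is OK (so cron can alert).
check_cert() {
    not_after=$(openssl x509 -in "$1" -noout -enddate) || return 2
    not_after="${not_after#notAfter=}"
    state=$(renewal_state "$not_after") || return 2
    echo "$1: $state, $(days_until "$not_after") days left (notAfter=$not_after)"
    [ "$state" = OK ]
}

# Runs only when given a certificate path, e.g. from a crontab entry
# (hypothetical script location; path follows Certbot's live/ layout):
#   17 6 * * * /usr/local/bin/cert-watch.sh /etc/letsencrypt/live/www.example.com/cert.pem
if [ $# -gt 0 ]; then
    check_cert "$1"
    exit $?
fi
```

Because the script exits non-zero for OVERDUE and EXPIRED, a cron MAILTO or any monitoring wrapper that watches exit codes will flag a renewal that has stopped working.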

Conclusion

We have seen how easy it can be to install an SSL certificate on an Apache Web Server running on top of Ubuntu 16.04, by using the client software provided by Let's Encrypt. At this point, if you go with your browser to https://www.example.com or https://example.com you will see that the site is correctly served through HTTPS.